Commit Graph

5752 Commits

Author SHA1 Message Date
Gilles Peskine
26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321 Increase readability of Doxygen output
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb Add and document an RSA-specific error code for unsupported exports
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
bead71752e Correct typo in rsa.c 2017-09-29 12:41:06 +01:00
Hanno Becker
e1582a832b Add expectation when testing RSA key import/export
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.

Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
2017-09-29 11:54:05 +01:00
Hanno Becker
4d6e83406c Improve readability of test for mbedtls_rsa_import 2017-09-29 11:54:05 +01:00
Hanno Becker
5063cd2cca Deprecate direct manipulation of structure fields in RSA context 2017-09-29 11:54:05 +01:00
Hanno Becker
ba1ba11a98 Check that length is properly set in mbedtls_rsa_check_pubkey 2017-09-29 11:54:05 +01:00
Hanno Becker
2f8f06aa25 Don't always recompute context length in mbedtls_rsa_get_len
This commit changes the implementation of `mbedtls_rsa_get_len` to return
`ctx->len` instead of always re-computing the modulus' byte-size via
`mbedtls_mpi_size`.
2017-09-29 11:54:05 +01:00
Hanno Becker
54cfc585cd Add test cases for mbedtls_rsa_import[_raw] where N is missing 2017-09-29 11:54:05 +01:00
Hanno Becker
2cca6f3290 Always deduce N from P, Q in mbedtls_rsa_complete
Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.
2017-09-29 11:54:05 +01:00
Hanno Becker
041a6b030f Adapt ChangeLog 2017-09-28 14:52:26 +01:00
Hanno Becker
cc56628117 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-09-26 16:21:19 +01:00
Ron Eldor
8b766218a8 Update ChangeLog
Update ChangeLog according to Andres seggestion
2017-09-24 15:44:56 +03:00
Ron Eldor
2981a0a740 Address Andres PR comments
Address Andres' comments in the PR
2017-09-24 15:41:09 +03:00
Jaeden Amero
1526330931 Allow alternate implementation of GCM
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
6428f8d78e Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-09-22 16:58:50 +01:00
Hanno Becker
d8a6f7cfbe Clarify code-paths in x509write_csr and x509write_crt 2017-09-22 16:05:43 +01:00
Hanno Becker
a20e33ad59 Use X509 CRT version macros for version checks in x509write_crt_der 2017-09-22 15:40:01 +01:00
Hanno Becker
7f3652ddf1 Fix error code printing in cert_write
Error codes can consume up to two bytes, but only one was printed so far.
2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791 Use X509 CRT version macros in cert_write program 2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e Fix senseless comment 2017-09-22 15:35:16 +01:00
Hanno Becker
930025da6d Adapt ChangeLog 2017-09-18 16:12:28 +01:00
Florin
0b7b83fd91 Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-09-18 16:11:42 +01:00
Hanno Becker
2b187c4d5f Correct typo 2017-09-18 16:11:42 +01:00
Hanno Becker
09930d1f01 Add expected number of fragments to 16384-byte packet tests 2017-09-18 16:11:42 +01:00
Hanno Becker
c526696c05 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-09-18 16:11:42 +01:00
Hanno Becker
4aed27e469 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-09-18 16:11:42 +01:00
Hanno Becker
e4ad3e8803 Allow requests of size larger than 16384 in ssl_client2 2017-09-18 16:11:42 +01:00
Hanno Becker
5175ac6e13 Add tests for disabled MFL-extension to all.sh
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-09-18 16:11:39 +01:00
Andres Amaya Garcia
01692531c6 Document code silently discarding invalid records 2017-09-14 20:20:31 +01:00
Andres Amaya Garcia
f569f701c2 Fix ChangeLog entry 2017-09-14 20:20:21 +01:00
Andres Amaya Garcia
06fc6650f4 Add ChangeLog entry 2017-09-14 20:20:15 +01:00
Andres Amaya Garcia
2fad94b193 Dont send alert on invalid DTLS record type
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Hanno Becker
d4a872ee67 Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
2017-09-14 08:04:13 +01:00
Hanno Becker
45037ceac5 Add check for presence of relevant parameters in mbedtls_rsa_private
If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is
not used, check for N, P, Q, D, E only.
2017-09-14 08:02:14 +01:00
Hanno Becker
81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker
476986547b Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-09-14 07:51:54 +01:00
Hanno Becker
d7f3520360 Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-09-14 07:51:54 +01:00
Hanno Becker
fc77144802 Fix extraction of signature-type from PK context instance 2017-09-14 07:51:54 +01:00
Hanno Becker
418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Hanno Becker
6c13d37961 Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-09-13 15:42:16 +01:00
Hanno Becker
9be1926b69 Correct parsing checks in mbedtls_pk_parse_key
Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`.
2017-09-08 12:39:44 +01:00
Hanno Becker
66a0f83d58 Remove unreachable branches in pkparse.c 2017-09-08 12:39:21 +01:00
Hanno Becker
5a4f172522 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-09-07 15:40:30 +01:00
Hanno Becker
c8063c58f0 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-09-07 15:30:12 +01:00
Hanno Becker
b8d1657148 Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der
Also fixes a typo.
2017-09-07 15:29:01 +01:00
Hanno Becker
2aa80a706f Remove unnecessary cast 2017-09-07 15:28:45 +01:00
Ron Eldor
7268ca9500 remove redundant include
Remove redunadnat include for platform.h which was acciddently pushed,
for debugging purposes
2017-09-05 14:29:20 +03:00